Phishers increasingly target brands

The APWG is reporting in its latest Global Phishing Survey: Trends and Domain Name Use study that an increasing number of brands and their users have been targeted by phishers. The number surged nearly 20 percent between the second half of 2012 and the first half of 2013.

The study, released at the APWG’s annual conference in San Francisco, found that criminals targeted 720 brands, an increase of almost 18 percent from the second half of 2012. Many brands were attacked several times a week on average, with eighty brands attacked 100 or more times each during the 26-week period. Half of the targets were attacked one to three times during the period.

“This increase shows that phishers are looking for new opportunities, and new victims,” said Rod Rasmussen, President & CTO of IID, and a co-author of the study.

APWG analysts found that PayPal was again the world’s most-targeted institution for phishing attacks, with some 18 percent (13,498 attacks) of all campaigns directed against the company and its users in 1H2013. Taobao.com, the Chinese shopping site, was second-most-attacked in the survey period with 9 percent (6,605) of recorded phishing attacks.

Of the 53,685 phishing domains identified, the authors found 12,173 domain names that they believe were registered maliciously by phishers–double the 5,835 found in 2H2012. This increase is attributable to a sudden increase in domain registrations by Chinese phishers. Of these malicious registrations, at least 8,240 (68%) were registered to phish Chinese targets—services and sites in China that serve a primarily Chinese customer base. The phishing sites used domain names purchased at both Chinese and American registrars, and were hosted in China, the United States, and elsewhere.

“A large portion of phishing attacks used domain registration, hosting, and payment processing companies in different countries,” said Greg Aaron, President of Illumintel Inc., and a co-author of the study. “As a result, everyone ended up losing–except the phishers. It’s a reminder that timely, international cooperation in the private sector is needed in order to combat e-crime.”